OUR THOUGHTS ON:

IRS Publication 1075: Safeguards for Protecting Federal Tax Returns and Return Information

Technology|Tax

By Christopher Watson

The most recent revision of IRS Publication 1075 became effective August 24, 2010. Since then, it has been supplemented with several additional requirement publications that provide guidance to recipients of Federal Tax Information (FTI) to better ensure that they protect the confidentiality of the information they receive from the IRS.

The IRS Safeguards Program is responsible for ensuring that FTI is protected at all points where it is received, processed, stored and maintained and secured as if it never left the possession of the IRS. An agency must ensure that its safeguards will be ready for immediate implementation upon receipt of FTI.

Publication 1075 requires applicable agencies to complete a Safeguard Procedures Report (SPR) and an annual Safeguard Activity Report (SAR) and to submit the reports to the IRS for review.

Coverage includes the following control areas, among others: 

  • Secure Storage Practices and Media Access Protection
  • Restriction of Access and Technical Access Controls and Personnel Security
  • Additional Technical Safeguards
  • Transmittal of FTI and Disposal Practices
  • Information Technology (IT) Security and Security Planning
  • Risk Assessments Practices
  • System and Service Acquisition Controls
  • Security Assessment Functions
  • Configuration Management and Maintenance
  • System and Information Integrity
  • Incident Response and Breach Management
  • Security Awareness and Training
  • Identification and Authentication Practices
  • Audit and Accountability
  • System and Communication Protection

Several additional Information Technology Controls related to specific technologies that may or may not be applicable to the agency are also covered in detail and should be assessed as applicable.

In order to ensure compliance, on-site safeguard reviews are also conducted. These are evaluations of the use of FTI and the protection of the FTI within the agency or contractors’ environment. The IRS regularly conducts on-site reviews of agency safeguards through the Office of Safeguards. 

It is important to note that it is the agency’s responsibility to ensure that all of its functions within their agency, including consolidated data centers and contractors with access to FTI, understand and implement the Publication 1075 requirements and build effective security controls into their own Information Technology (IT) infrastructures.

If you are an agency handling FTI, or a vendor or contractor associated with such an agency, the IRS.gov website contains additional guidance, tools and frequently asked questions to assist agencies in meeting safeguard requirements. Additionally, electronic versions of the SAR and SPR report templates can be found here as well.

For additional clarification or questions on IRS Publication 1075 content, please contact Chris Watson at cwatson@schneiderdowns.com or by phone at (614) 586-7108.

© 2012 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

 

This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax related matter

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2018 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

comments